SCS AnyConnect VPN Client

VPN software allows a computer on another network to look like it has an SCS name and IP address when it talks to hosts on the SCS network. Using VPN, a remote host can access restricted network services that can only be used by SCS hosts.

The AnyConnect client provides remote users with secure VPN connections using the Secure Socket Layer (SSL) protocol and the Datagram TLS (DTLS) protocol. The AnyConnect client provides remote end users running Microsoft Windows, Linux, and Mac OS X, with the benefits of a Cisco SSL VPN client, and supports applications and functions unavailable to a clientless, browser-based SSL VPN connection. This release supports the SSL and DTLS protocol. This release does not include IPsec support.

VPN & security

The VPN software uses certificates to authenticate your computer, and your Kerberos /remote instance (i.e. bovik/remote) to authenticate you. It encrypts network traffic between your host and the SCS network; traffic is not encrypted after it reaches our network. VPN is not a substitute for using software such as SSH or Kerberized telnet to protect passwords and other sensitive data sent over the network.

SCS Anyconnect Profiles

There are 2 SCS Anyconnect profiles: scs.vpn.cmu.edu and scs-split.vpn.cmu.edu. The scs.vpn.cmu.edu profile passes all traffic through the tunnel. The scs-split.vpn.cmu.edu profile tunnels only traffic destined to CMU and will allow users on their home network to access local printers and devices while still having access to IP restricted CMU/SCS resources. SCS facilities recommends that the scs.vpn.cmu.edu full tunnel profile be used when connecting to the SCS Anyconnect service from either Carnegie Mellon's wireless network or any public wireless network.

How to install and use VPN

Note: You must be CMU School of Computer Science faculty, staff, or a graduate student in order to download, install, and use this software.

Before installing

You will need a /remote Kerberos instance and password to use the VPN software. If you do not already have those credentials, you can use the SCS Web-based tool to create or manage Kerberos instances for use with VPN and other remote-access systems.

Downloading the AnyConnect Software

Go to the networking downloads page to download the software and SCS-specific installation instructions (authentication required).

Troubleshooting & FAQs

See the AnyConnect FAQs for troubleshooting information and answers to Frequently Asked Questions.

This site is maintained by SCS Computing Facilities; send
comments to help@cs.cmu.edu.